Liveness Settings

Liveness Configuration

Keyless SDK provides three officially-supported configurations for the liveness detection (antispoofing component), listed below from the lowest to the highest level of security:

  • PASSIVE_STANDALONE_MEDIUM - for testing purposes only

  • PASSIVE_STANDALONE_HIGH - for most production use (SDK default)

  • PASSIVE_STANDALONE_HIGHEST - for higher security production use

Increasing the security level increases the ability of the system to reject spoof attempts (true positive rate, or TPR). A higher security level also increases the genuine reject rate (false positive rate, or FPR) and the time required by the anti-spoofing module to make a decision.

For most production scenarios, Keyless recommends the use of PASSIVE_STANDALONE_HIGH. This setting offers a good tradeoff between TPR, FPR, and time-to-decision. For scenarios that require a higher security level, we recommend increasing this setting to PASSIVE_STANDALONE_HIGHEST.

Configuring livenessEnvironmentAware

The livenessEnvironmentAware feature enforces stricter environmental checks during the liveness process and is an important layer of protection against biometric attacks. This is set to true by default for enhanced security pruposes.

Note that we have observed that on a very limited set of devices this may prevent some users from authenticating with Keyless and in this case the SDK will return an 20021 error. To provide flexibility, we include the option to disable this check (by setting to false) in the event where it cannot fully function as designed due to limitations with these specific devices. When set to false these devices will then be able to authenticate.

Please note setting this to configuration to false does not switch off the feature in the vast majority of cases, but only in the cases where the device has inherent limitations and cannot provide all of the data the feature requires.

For security purposes, we have not detailed exaclty what data these liveness feature leverages, and have remained deliberately vague on the precise implications of the true/false configuration in order to avoid providing insight to attackers. We're of course happy to provide more detailed advice on request in less public settings.

Relax liveness checks for testing purposes

Below follows a liveness configuration example for testing pruposes only should facilitate testing the happy path of "passing the liveness checks".

// ONLY FOR TEST

// Authentication Configuration
val authConfig = BiomAuthConfig(
        livenessConfiguration = LivenessSettings.LivenessConfiguration.PASSIVE_STANDALONE_MEDIUM,
        livenessEnvironmentAware = false
)


// Enrollment Configuration
val enrollConfig = BiomEnrollConfig(
        livenessConfiguration = LivenessSettings.LivenessConfiguration.PASSIVE_STANDALONE_MEDIUM,
        livenessEnvironmentAware = false
)


// De-Enrollment Configuration
val deEnrollConfig = BiomDeEnrollConfig(
        livenessConfiguration = LivenessSettings.LivenessConfiguration.PASSIVE_STANDALONE_MEDIUM,
        livenessEnvironmentAware = false
)

Last updated

Was this helpful?